AnsweredAssumed Answered

Single token for multiple AD accounts (AD conversion)

Question asked by David Barry on May 18, 2017

My corporation is considering a major restructuring of multiple scattered AD Forests  (from legacy companies and mergers) with  50K users oversall into a single all new AD forest.     About 10% of these users have secured tokens (either soft or hard).

 

If there is an extended transition period (1 year or more), where users have two defined identities, is it possible fro a single token to be utilized with two different identities (at least from a SecurID's POV).   I'm pretty sure this is not possible, but we really do not want to double our token costs, as well as cause confusion for users with two tokens, which is already an issue for some users who already have a second identity in a very secure and isolated realm).

 

Note: I am well aware that we can have multiple soft tokens in a single device (i.e., the RSA app on IOS and android support multiple identities). --- this is not what we I am talking about.   I mean a single token (soft or hard)to be used with two wholly seperate AD forests.

 

Barring that, does anyone have any experience in dealing with RSA and conversions like this?  Did RSA work with you in a favorable away to avoid spiking your costs?

Outcomes